W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2015

Re: Suggestion for sensitive online content

From: François Légaré <flegare@gmail.com>
Date: Fri, 14 Aug 2015 21:50:23 -0400
Message-ID: <CAGhQHriMtWrdtv+_Y8ok236Kz2RYqK892XuEDVbkmp=vXkxz3Q@mail.gmail.com>
To: Nick Doty <npdoty@w3.org>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Hi Nick,

Yes sensitive is the word, sensible is the french version of the word my
bad ;) I stay tuned to see if browser leaders are interested in this
behaviour.

Regards,

Francois



On Thu, Aug 13, 2015 at 4:56 PM, Nick Doty <npdoty@w3.org> wrote:

> Hi François,
>
> That's an interesting privacy problem and proposal. (I've changed the
> subject line, because I believe you're primarily talking about sensitive
> content, rather than sensible content.)
>
> Work has begun recently in the WebAppSec group on a mechanism (HTTP
> response header) for sites to clear all local content (like cookies and
> localStorage) for their origin, as a security and privacy measure:
> http://www.w3.org/TR/clear-site-data/
>
> I'm not sure they're specifically considering the use case of wanting to
> clear browser history for a potentially sensitive website, but it sounds
> not dissimilar from their set of goals, so it would be worth considering.
>
> The other existing technology that could be used would be declarative
> mechanisms for content selection, like PICS (deprecated) and POWDER:
> http://www.w3.org/2007/powder/
>
> That would be an existing mechanism to declare a value like,
> "sensitive-anonymous", which supporting user agents could interpret as a
> sign that they should use private browsing mode (no local cache).
>
> It sounds like the site you're working with would be willing to spend the
> minor resources to implement this kind of flag. We would need to check
> whether prominent browser vendors are interested in implementing the
> client-side version.
>
> Hope this helps,
> Nick
>
> On Aug 12, 2015, at 10:42 AM, François Légaré <flegare@gmail.com> wrote:
>
> Hi
>
> I work for a big telecom company in Canada that currently give various
> sponsorship for mental health organisations. Part of the sponsorship is
> making sites and mobile applications to help individual get online help and
> access information and resources that are often sensible.
>
> One example is  http://www.kidshelpphone.ca/ they provide anonymous phone
> line for kids that may have issue or problem in their family. This lead to
> a sensitive problem, a kid visiting this site need to know how to clean
> browsing history since a adult seeing the browsing history might challenge
> the kids about the visit and lead to more stress or bigger problems. They
> did explain on the site header how to flush history and train visitor about
> the anonymous tab, this isn't perfect at all, because it really entirely on
> the user actions and the assumption that he read and understood the
> section.
>
> Since not all internet user are tech savvy and are aware of the anonymous
> tabs, so my suggestion for the W3C would be the following:
>
> A head meta tag that could help define sensitivity level of the online
> html content. This tag once detected by the browser could apply various
> policy to increase anonymity and reduce potential problems, ideally default
> policies would implicitly insure higher privacy for the end users.
>
> For instance browser that detect the meta tag could automatically go in
> "anonymous mode" and don't track browsing history, remove cached content,
> etc. This will insure a more anonymous browsing experience for such site
> for users that are less aware of the already available privacy features.
> Content rating meta tag to some extends could be used but this is a bit
> far fetch but could be less involving since tags already exist.
>
> Of course I'm quite sure, site with adult content would also be like such
> features but this is not really the issue I'm trying to resolve at this
> point.
>
> According to some of the W3C members this is a valid place to submit this
> suggestion, I hope this will be well received.
>
> Regards,
>
> Francois
>
>
>
Received on Saturday, 15 August 2015 01:51:42 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 15 August 2015 01:51:42 UTC